Bug 823962: Pref sending CSP reports off for b2g until bug 824170 is resolved. r=fabrice a=blocking-basecamp
☠☠ backed out by cd54f3557ae6 ☠ ☠
authorChris Jones <jones.chris.g@gmail.com>
Fri, 21 Dec 2012 17:42:28 -0800
changeset 125955 5aa4d9daa13c5d4c4a2b9cc4aa2fcd8d1ed80b8a
parent 125954 d294f9a7d19fe2434ad8eb2f7b29b7695dcc97f4
child 125956 95c2a38b92adb1729d2fd204a6f298d472ee3987
push id2151
push userlsblakk@mozilla.com
push dateTue, 19 Feb 2013 18:06:57 +0000
reviewersfabrice, blocking-basecamp
bugs823962, 824170
milestone20.0a1
Bug 823962: Pref sending CSP reports off for b2g until bug 824170 is resolved. r=fabrice a=blocking-basecamp
b2g/app/b2g.js
content/base/src/contentSecurityPolicy.js
modules/libpref/src/init/all.js
--- a/b2g/app/b2g.js
+++ b/b2g/app/b2g.js
@@ -362,16 +362,18 @@ pref("browser.dom.window.dump.enabled", 
 // from other dirs as webgl textures and more.  Remove me when we have
 // installable apps or wifi support.
 pref("security.fileuri.strict_origin_policy", false);
 
 // Default Content Security Policy to apply to privileged and certified apps
 pref("security.apps.privileged.CSP.default", "default-src *; script-src 'self'; object-src 'none'; style-src 'self' 'unsafe-inline'");
 pref("security.apps.certified.CSP.default", "default-src *; script-src 'self'; object-src 'none'; style-src 'self'");
 
+pref("security.csp.reports.enable", false);
+
 // Temporarily force-enable GL compositing.  This is default-disabled
 // deep within the bowels of the widgetry system.  Remove me when GL
 // compositing isn't default disabled in widget/android.
 pref("layers.acceleration.force-enabled", true);
 
 // handle links targeting new windows
 // 1=current window/tab, 2=new window, 3=new tab in most recent window
 pref("browser.link.open_newwindow", 3);
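Review bot: The new `pref("security.csp.reports.enable", false);` line has no comment, unlike the neighbouring temporary overrides in this file, which state why they exist and when to remove them. Nothing in the file then records that violation reporting is off on b2g or which bug gates turning it back on; only the commit title does. I would add `// Don't send CSP violation reports until bug 824170 is resolved. Remove me then.` above it. The default added in modules/libpref/src/init/all.js has the same gap and could carry `// Send CSP violation reports to the policy's report-uri endpoints.`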
--- a/content/base/src/contentSecurityPolicy.js
+++ b/content/base/src/contentSecurityPolicy.js
@@ -230,16 +230,19 @@ ContentSecurityPolicy.prototype = {
   },
 
   /**
    * Generates and sends a violation report to the specified report URIs.
    */
   sendReports:
   function(blockedUri, originalUri, violatedDirective,
            aSourceFile, aScriptSample, aLineNum) {
+    if (!Services.prefs.getBoolPref('security.csp.reports.enable')) {
+      return;
+    }
     var uriString = this._policy.getReportURIs();
     var uris = uriString.split(/\s+/);
     if (uris.length > 0) {
       // see if we need to sanitize the blocked-uri
       let blocked = '';
       if (originalUri) {
         // We've redirected, only report the blocked origin
         let clone = blockedUri.clone();
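Review bot: The early return added at the top of `sendReports` skips the whole function, not only the submission to the report URIs. The body continues past the end of this hunk, so this is unconfirmed, but if it also records the violation locally (console or debug output), that is silenced on b2g too and a blocked load leaves no trace for whoever is debugging a policy. Consider placing the pref check around the send step only, or logging when a report is suppressed. A comment such as `// Reporting can be turned off by pref; policy enforcement is unaffected.` above the check would also make clear that only reporting is disabled.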
--- a/modules/libpref/src/init/all.js
+++ b/modules/libpref/src/init/all.js
@@ -1378,16 +1378,17 @@ pref("security.directory",              
 pref("signed.applets.codebase_principal_support", false);
 pref("security.checkloaduri", true);
 pref("security.xpconnect.plugin.unrestricted", true);
 // security-sensitive dialogs should delay button enabling. In milliseconds.
 pref("security.dialog_enable_delay", 2000);
 
 pref("security.csp.enable", true);
 pref("security.csp.debug", false);
+pref("security.csp.reports.enable", true);
 
 // Mixed content blocking
 pref("security.mixed_content.block_active_content", false);
 pref("security.mixed_content.block_display_content", false);
 
 // Modifier key prefs: default to Windows settings,
 // menu access key = alt, accelerator key = control.
 // Use 17 for Ctrl, 18 for Alt, 224 for Meta, 91 for Win, 0 for none. Mac settings in macprefs.js